Forum Discussion

rafaelbn_176840's avatar
rafaelbn_176840
Icon for Altocumulus rankAltocumulus
Feb 07, 2019

BIG-IP CGNAT - VLAN CMP Hash

Hello Devs! How is everybody doing?

I'm trying to wrap my head around a requirement for the CGNAT module.

Currently, it's mandatory that, for the CGNAT using PBA LSN pools, that the ingress VLAN uses the VLAN CMP hash as source address and the egress VLAN uses destination as the cmp hash.

I understand what the CMP hash does but on an environment where the BIG-IP is the CGNAT device and routes to the internet, every time a new client connects, it will use ephemeral ports as the source and different destination IPs as the destination, so the default cmp hash would/should do the trick.

But if I don't set the cmp hash correctly, I get some error on /var/lo/ltm.

Feb  6 14:54:01 bigip1 err tmm[31839]: 01670024:3: Unsupported DAG mode for LSN pool(/Common/lsn_pool_rd10) mode PBA on interface /Common/F5_BACKBONE
Feb  6 14:54:53 bigip1 err tmm[31839]: 01670024:3: Unsupported DAG mode for LSN pool(/Common/lsn_pool_rd10) mode PBA on interface /Common/F5_BACKBONE

I just wanted to understand the why of this.

Thanks, Rafael.

  • After digging a little deeper, I found an article explaining the reasoning.

     

    https://support.f5.com/csp/article/K54951499

     

    The idea (to my understanding at least) is to optimize the return traffic, kind of pinning the subscriber to the same TMM process. If you don't do that, the returning traffic could be handled by another TMM and both TMM process handling that one subscriber would need to communicate, introducing some delays.

     

    Sorry for asking too early! Cheers! Rafael

     

  • Nath's avatar
    Nath
    Icon for Cirrostratus rankCirrostratus

    You really help me understand the use of SPDAG in CGNAT :)